Variety is Not the Spice of Life When it Comes to Secure Destruction

Variety is Not the Spice of Life When it Comes to Secure Destruction

Most organizations support a variety of work environments.

Large organizations are necessarily going to have multiple and widespread operations, including a
headquarters, regional offices, operations and data centers, records storage facilities, sales offices,
and warehouse and manufacturing facilities. And, though to a lesser degree, even medium- and
small-sized companies are likely to have an administrative offices, off-site records storage, and sales
and technical representatives in the field. They are also like to have some percentage of employees
work from home.

The point is, large or small, to some extent, most organizations operate from a variety of locations.

Of course, each of these separate locations is going to operate differently. depending on their
function, leadership, location, and other considerations. The training required is certainly different.
So, probably is the dress code or uniform, maybe even the pay scale.

There are some things however, on which their polices should not vary. It would be a big mistake, for
instance, if they weren’t all subject to the same fair labor practices.

Unfortunately, one of the areas in which these differing operations do vary but should not is in their
approach to data destruction. While a headquarters might take secure destruction of their discarded
information very seriously, the distribution center in the neighboring state doesn’t. Frankly, this can
even happen within the same building, where the accounting department demonstrates very high
due diligence when hiring a secure data destruction firm, while the IT department sells old
computers to the highest bidder with little regard for the required security.

Of course, in the latter example there is a double dose of inconsistency since some of those casually
discarded computers very likely contain lots of information that the accounting department was trying
to protect.

At the end of the day, the problem with such inconsistency three-fold.
First, the efforts of those operations or departments doing the right thing are undermined by those
that are not.

Second, if personal information from one of the operations or departments putting the organization at
risk turns up, the regulators or attorneys representing the harmed individuals are going to point to
security-minded facilities to establish that the organization was well aware of their obligation to
protect the information.  

Lastly, if the organization was ever in a position to defend its intellectual property, all the opposing
counsel would have to do is point to the fact that the organization had no consistency in the manner
in which it treated its trade information.

It is a basic management strategy to create a written policy for those things for which an organization
requires consistency. One thing you can bet on is that when there are disparate secure destruction
practices between operations, there are no written secured destruction policies. This is probably why
a written data protection policy is required by every data protection regulation on the books!

Let us help!

The Shred America team includes some of the leading regulatory and data destruction professions
in the world with the expertise to help our clients create simple, concise, globally compliant media
destruction policies and procedures.

Contact us today. It’s worth having the confidential conversation and you’ll be surprised how simple
and easy we make it.